Hi,
On Fri, Nov 27, 2009 at 12:46 PM, Stephen Nelson-Smith stephen@atalanta-systems.com wrote:
I have a site running drupal. The apache user therefore needs to be able to write certain files (CSS files for example).
I also have a directory under my web root which is a SAN mount, to which apache must be able to write.
What is the most secure way to implement this?
I am thinking:
chown -R root:apache /var/www/html chmod -R 0750 /var/www/html chown apache:apache for where need to write
Is there a better way?
What is usually a good approach is to setup specific directories where Apache can write (like "files" or "images") and then disable PHP/other code execution from that directory. So if someone is able to hack your web app and upload something (malicious code) into that directory, it won't get executed.
To put it briefly: keep your executable code and upload directories separate.
Cheers, Peter